Today's homes increasingly host a menagerie of networked products:
televisions, teddy bears, thermostats, baby monitors, picture frames,
refrigerators, etc. In allowing these devices to communicate with cloud
servers over TLS-encrypted connections, device owners must trust that
their devices act honestly and respect their privacy. This is because,
unlike prior Internet endpoints such as Web browsers and smartphones,
Internet-of-Things devices rarely allow owners to modify the set of TLS
certificates that the device trusts. Permitting such modification could
allow owners to falsify billing data, attack the cloud service, or
expose their device to compromise.

We introduce a family of protocols, called TLS Rotate and Release
(TLS-RaR), that allow trusted devices, called "auditors", to decrypt but
not modify TLS traffic. Unlike prior work, TLS-RaR requires no changes
to TLS's wire format, is compatible with the TLS 1.3 draft, and already
works with some TLS servers in the wild today. TLS-RaR will allow
owners, consumer watchdogs, and independent researchers to audit what
data their devices send without compromising the devices' integrity.
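The abstract states the property the protocol family achieves (an auditor can decrypt device traffic but cannot modify it) without spelling out the mechanism. The following is an added illustration, not code from the talk or the TLS-RaR project, of how a "rotate and release" discipline yields that property: the device and cloud derive a fresh traffic key per epoch, and only after both ends have moved to the next epoch does the device hand the retired key to the auditor. Everything here is an assumption for the sake of the example: the record format, the toy HMAC-SHA256-based record protection (a stand-in for a TLS cipher suite, not TLS itself), and the names `Device`, `CloudServer`, `Auditor`, `epoch_key`, `seal` and `open_record`.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32          # HMAC-SHA256 tag appended to every record
HEADER_FMT = ">HI"    # epoch (16-bit) | sequence number (32-bit), both in the clear
HEADER_LEN = struct.calcsize(HEADER_FMT)


def epoch_key(master_secret: bytes, epoch: int) -> bytes:
    """Per-epoch traffic key derived from a long-lived shared secret (toy HKDF stand-in)."""
    return hmac.new(master_secret, b"epoch-key" + struct.pack(">H", epoch), hashlib.sha256).digest()


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    # Counter-mode keystream: HMAC(key, seq || block) per 32-byte block. Toy construction.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"stream" + struct.pack(">IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, epoch: int, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one record: header | ciphertext | tag."""
    header = struct.pack(HEADER_FMT, epoch, seq)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, seq, len(plaintext))))
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


def open_record(key: bytes, record: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a bad tag."""
    header, body, tag = record[:HEADER_LEN], record[HEADER_LEN:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, header + body, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    _, seq = struct.unpack(HEADER_FMT, header)
    return bytes(c ^ k for c, k in zip(body, _keystream(key, seq, len(body))))


class Device:
    """IoT device: sends records under the current epoch key and releases retired keys."""
    def __init__(self, master_secret: bytes):
        self.secret, self.epoch, self.seq = master_secret, 0, 0

    def send(self, plaintext: bytes) -> bytes:
        rec = seal(epoch_key(self.secret, self.epoch), self.epoch, self.seq, plaintext)
        self.seq += 1
        return rec

    def rotate(self) -> bytes:
        """Advance to a fresh epoch and return the now-retired key for release to the auditor."""
        retired = epoch_key(self.secret, self.epoch)
        self.epoch, self.seq = self.epoch + 1, 0
        return retired


class CloudServer:
    """Cloud endpoint: accepts only records from the current epoch, in sequence."""
    def __init__(self, master_secret: bytes):
        self.secret, self.epoch, self.expected_seq = master_secret, 0, 0

    def rotate(self) -> None:
        self.epoch, self.expected_seq = self.epoch + 1, 0

    def receive(self, record: bytes):
        epoch, seq = struct.unpack(HEADER_FMT, record[:HEADER_LEN])
        if epoch != self.epoch or seq != self.expected_seq:
            return None  # stale epoch or replay: rejected
        try:
            plaintext = open_record(epoch_key(self.secret, epoch), record)
        except ValueError:
            return None
        self.expected_seq += 1
        return plaintext


class Auditor:
    """Passive observer (e.g. a home router) that records traffic and later receives retired keys."""
    def __init__(self):
        self.captured, self.released = [], {}

    def observe(self, record: bytes) -> None:
        self.captured.append(record)

    def accept_key(self, epoch: int, key: bytes) -> None:
        self.released[epoch] = key

    def audit(self) -> list:
        """Decrypt every captured record whose epoch key has been released; None otherwise."""
        out = []
        for rec in self.captured:
            epoch, _ = struct.unpack(HEADER_FMT, rec[:HEADER_LEN])
            key = self.released.get(epoch)
            out.append(open_record(key, rec) if key is not None else None)
        return out


def demo() -> dict:
    secret = os.urandom(32)  # constructed: shared secret from the device's TLS handshake
    dev, srv, aud = Device(secret), CloudServer(secret), Auditor()
    for m in (b"temp=21.5", b"motion=0", b"firmware=1.2"):   # constructed telemetry
        rec = dev.send(m)
        aud.observe(rec)
        assert srv.receive(rec) == m
    srv.rotate()                        # cloud retires epoch 0 first ...
    aud.accept_key(0, dev.rotate())     # ... then the device releases the epoch-0 key
    decrypted = aud.audit()             # auditor reads the past traffic
    forged = seal(aud.released[0], 0, 3, b"temp=99.9")   # injection attempt with retired key
    injected = srv.receive(forged)      # rejected: epoch 0 is no longer accepted
    aud.observe(dev.send(b"temp=22.0")) # live epoch-1 traffic stays opaque to the auditor
    return {"decrypted": decrypted, "injected": injected, "live_readable": aud.audit()[-1]}
```

The check that carries the security argument is the epoch comparison in `CloudServer.receive`: a released key is only safe to hand out once the peer will no longer accept records under it, so the order in `demo` (server rotates, then the device releases) is deliberate, and a deployment that released a key the cloud still honoured would let the auditor forge traffic rather than merely read it.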

Bio:

Judson Wilson received his B.S. in Mechanical Engineering from U.C.
Berkeley in 2007. Afterwards he spent 5 years designing embedded
electric power quality monitors at Power Standards Lab in Alameda, CA.
He then began studies at Stanford University in 2012, earning an M.S. in
Electrical Engineering, and spending summers at Apple, NVIDIA, and Bosch
Research. He is currently researching systems software and networking in
pursuit of a Ph.D. under the guidance of his advisor Philip Levis.